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DETAILED ACTION 
Drawings 

The drawings are objected to because Fig. 3 A does not indicate the "Yes" or 
"No" nature of the branches going out of the block 306. Corrected drawing sheets in 
compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid 
abandonment of the application. Any amended replacement drawing sheet should 
include all of the figures appearing on the immediate prior version of the sheet, even if 
only one figure is being amended. The figure or figure number of an amended drawing 
should not be labeled as "amended." If a drawing figure is to be canceled, the 
appropriate figure must be removed from the replacement sheet, and where necessary, 
the remaining figures must be renumbered and appropriate changes made to the brief 
description of the several views of the drawings for consistency. Additional replacement 
sheets may be necessary to show the renumbering of the remaining figures. Each 
drawing sheet submitted after the filing date of an application must be labeled in the, top 
margin as either "Replacement Sheet" or "New Sheet" pursuant to 37 CFR 1 .121(d). If 
the changes are not accepted by the examiner, the applicant will be notified and 
informed of any required corrective action in the next Office action. The objection to the 
drawings will not be held in abeyance. 

Claim Rejections - 35 USC § 101 

35 U.S.C. 101 reads as follows: 



Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or 
any new and useful improvement thereof, may obtain a patent therefor, subject to^the conditions and 
requirements of this title. 
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Claims 17 and 18 are rejected under 35 USC 101 because the claimed invention 
is directed to non-statutory subject matter. 

Regarding claim 17, from the specification, page 4, lines 1-7, it is evident that the 
computer-readable medium can be embodied in a signal such as carrier wave, because 
the specification states that the program instructions are sent over optical or electronic 
communication links. 

Regarding claim 18, this claim recites that the instructions are data signal 
embodied in a carrier wave. 

Signal and carrier wave are not physical "things". They are neither computer 
components nor statutory processes, as they are not "acts" being performed. Thus, 
claims 17 and 18 recite non-statutory subject mater and do not fulfill the requirements of 
35 U.S.C. 101. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published, under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351 (a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

Claims 1-18 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Carter et al (2003/0051026 A1, hereinafter Carter). 
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Regarding claims 1, 17 and 18, Carter disclose: 

A method for securing a host service (see paragraph 0168) comprising: 
evaluating a risk to the host service based on communication with a remote 
system (see paragraphs 0168, 0178 and 0180); 

creating a risk profile for the host service (see paragraphs 0172, 0195, 0218, 
0261 and 0273, where information about the past unauthorized attempts, events and 
security state correspond to the recited risk profile); and 

deploying a security measure to protect the host service based on the risk profile 
(see paragraphs 0182, 0221, 0228 and 0306). 

Regarding claim 2, Carter disclose: 

A method for securing a host service as recited in claim 1 wherein creating a risk 
profile includes assigning a priority to the risk profile (see paragraphs 0234 and 0592). 

Regarding claim 3, Carter disclose: 

A method for securing a host service as recited in claim 1 wherein evaluating a 
risk to the host service further includes determining if the host service calls an interface 
(see paragraphs 059-0162, 0190 and 0367). 

Regarding claim 4, Carter disclose: 
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A method as recited in claim 1 wherein profiling a risk on the host further 
includes determining if an external application requests access to the host (see 
paragraphs 0195 and 0652). 

Regarding claim 5, Carter disclose: 

A method as recited in claim 1 wherein profiling a risk on the host further 
includes requesting data from the host (see paragraphs 0218). 

Regarding claim 6, Carter disclose: 

A method as recited in claim 1 wherein evaluating a risk to the host service 
further includes determining if the application is directly exchanging data with an 
external application (see paragraphs 0199, 0263 and 0652). 

Regarding claim 7, Carter disclose: 

A method as recited in claim 1 wherein creating the risk profile further includes 
determining if the application is indirectly exchanging data with the remote system (see 
paragraphs 0160, 0373 and 0652). 

Regarding claim 8, Carter disclose: 

A method as recited in claim 1 wherein creating the risk profile includes 
evaluating a file (see paragraphs 0190, and 0299). 
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Regarding claim 9, Carter disclose: 

A method as recited in claim 1 wherein creating the risk profile includes 
evaluating a programming interface (see paragraphs 0310 and 0374-0375). 

Regarding claim 10, Carter disclose: 

A risk profiling module comprising: 
a communications module for determining whether a data transfer involves the 
host (see paragraph 0542); 

a logic module for determining a risk on the host and assigning a priority to the 
risk (see paragraphs 0588 and 0592); and 

a repository for storing data from the communications module and the logic module (see 
paragraphs 0218 and 0785). 

Regarding claim 1 1 , Carter disclose: 

A risk profiling module as recited in claim 10 wherein the communications 
module samples data from a host service (see paragraph 0178). 

Regarding claim 12, Carter disclose: 

A risk profiling module as recited in claim 10 wherein the logic module 
determines if the host is called (see paragraphs 0542 and 0543). 

Regarding claim 13, Carter disclose: 
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A risk profiling module as recited in claim 10 wherein the communications 
module includes an external port interface for providing data from an external 
application (see paragraphs 0190 and 210). 

Regarding claim 14, Carter disclose: 

A risk profiling module as recited in claim 10 wherein the communications 
module includes an interprocess communications module for providing data from an 
internal application (see paragraphs 0190 and 0373). 

Regarding claim 15, Carter disclose: 

A system as recited in claim 10 wherein the risk profile module evaluates a port 
(see paragraph 0179). 

Regarding claim' 16, Carter disclose: 

A system as recited in claim 10 wherein the risk profile module evaluates an 
interface (see paragraph 0881). 

Conclusion 

The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

US Pub. No. 2004/0044912 A1 to Connary et al. 

US Patent No. 6,938,156 B2 to Wheeler et al. 
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US Patent No. 6,895,512 B1 to Calbucci. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Abdulhakim Nobahar whose telephone number is 571- 
272-3808. The examiner can normally be reached on M-T 8-6. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR)*system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



Abdulhakim Nobahar 
Examiner 



September 28, 2007 
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